From a2f27d7725bebdaf5733b79f0e6014485e4eeacf Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Thu, 23 Mar 2023 11:32:59 +0200
Subject: [PATCH] Add Syncthing support
---
docs/services/syncthing.md | 87 ++++++++++++++++++++++++++++++++++++++
docs/supported-services.md | 5 ++-
group_vars/mash_servers | 35 +++++++++++++++
requirements.yml | 4 ++
setup.yml | 2 +
5 files changed, 131 insertions(+), 2 deletions(-)
create mode 100644 docs/services/syncthing.md
diff --git a/docs/services/syncthing.md b/docs/services/syncthing.md
new file mode 100644
index 0000000..c0af409
--- /dev/null
+++ b/docs/services/syncthing.md
@@ -0,0 +1,87 @@
+# Syncthing
+
+[Syncthing](https://syncthing.net/) is a **continuous file synchronization** program which synchronizes files between two or more computers in real time, safely protected from prying eyes.
+
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# syncthing #
+# #
+########################################################################
+
+syncthing_enabled: true
+
+syncthing_hostname: mash.example.com
+syncthing_path_prefix: /syncthing
+
+# By default, the data directory is created at (`/mash/syncthing/data`), as defined below.
+# If you'd like to put it elsewhere on the host, uncomment and edit the line below.
+#
+# Regardless of the location of the data directory on the host,
+# it will be mounted into the Syncthing container at `/data`.
+# syncthing_data_path: "{{ syncthing_base_path }}/data"
+
+# To mount additional data directories, use `syncthing_container_additional_volumes`.
+
+# Secure with HTTP Basic Auth (at the Traefik level)
+syncthing_basicauth_enabled: true
+
+# Syncthing is NOT a multi-user system.
+# Whichever user you authenticate with later, you would get to the same shared system.
+syncthing_basicauth_credentials:
+ - username: someone
+ password: secret-password
+ - username: another
+ password: more-secret-password
+
+########################################################################
+# #
+# /syncthing #
+# #
+########################################################################
+```
+
+### URL
+
+In the example configuration above, we configure the service to be hosted at `https://mash.example.com/syncthing`.
+
+You can remove the `syncthing_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
+
+### Authenticaiton
+
+You can log in with **any** of the Basic Auth credentials defined in `syncthing_basicauth_credentials`. Syncthing is **not a multi-user system**, so whichever user you authenticate with, you'd ultimately end up looking at the same shared system.
+
+Authentication is **done at the reverse-proxy level** (Traefik), so upon logging in, Syncthing will show you scary warnings about **no GUI password being set**. You should ignore these warnings.
+
+You can hide the warning permanently by going to **Actions** -> **Advanced** -> **GUI** section -> checking the **Insecure Admin Access** checkbox.
+
+### Configuration & Data
+
+The Syncthing configuration (stored in `syncthing_config_path` on the host) is mounted to the `/var/syncthing` directory in the container.
+By default, Syncthing will create a default `Sync` directory underneath. We advise that you **don't use this** `Sync` directory and use the data directory (discussed below).
+
+As mentioned above, the **data directory** (stored in `syncthing_data_path` on the host) is mounted to the `/data` directory in the container. We advise that you put data files underneath `/data` when you start using Syncthing.
+
+If you'd like to **mount additional directories** into the container, look into the `syncthing_container_additional_volumes` variable part of the [`ansible-role-syncthing` role](https://github.com/mother-of-all-self-hosting/ansible-role-syncthing)'s [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-syncthing/blob/main/defaults/main.yml).
+
+
+## Usage
+
+After installation, you can go to the Syncthing URL, as defined in `syncthing_hostname` and `syncthing_path_prefix`.
+
+As mentioned in [Configuration & Data](#configuration--data) above, you should:
+
+- get rid of the `Default Folder` directory that was automatically created in `/var/syncthing/Sync`
+- change the default data directory, by going to **Actions** -> **Settings** -> **General** tab -> **Edit Folder Defaults** and changing **Folder Path** to `/data`
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 7e3168a..b594e62 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -10,8 +10,8 @@ | [Docker Registry Purger](https://github.com/devture/docker-registry-purger) | A small tool used for purging a private Docker Registry's old tags | [Link](services/docker-registry-purger.md) | | [Focalboard](https://www.focalboard.com/) | An open source, self-hosted alternative to [Trello](https://trello.com/), [Notion](https://www.notion.so/), and [Asana](https://asana.com/). | [Link](services/focalboard.md) | | [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | -| [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | -| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | +| [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | +| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) | 
@@ -23,6 +23,7 @@ | [Radicale](https://radicale.org/) | A Free and Open-Source CalDAV and CardDAV Server (solution for hosting contacts and calendars) | [Link](services/radicale.md) | | [Redmine](https://redmine.org/) | A flexible project management web application. | [Link](services/redmine.md) | | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) | +| [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) | | [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) | | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) | | [Uptime-kuma](https://uptime.kuma.pet/) | A fancy self-hosted monitoring tool | [Link](services/uptime-kuma.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 109f6b2..9718cea 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -111,6 +111,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else []) + + ([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else []) + + ([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else []) + ([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else []) 
@@ -986,6 +988,39 @@ redis_gid: "{{ mash_playbook_gid }}" +######################################################################## +# # +# syncthing # +# # +######################################################################## + +syncthing_enabled: false + +syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing" + +syncthing_uid: "{{ mash_playbook_uid }}" +syncthing_gid: "{{ mash_playbook_gid }}" + +syncthing_base_path: "{{ mash_playbook_base_path }}/syncthing" + +syncthing_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + }} + +syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +######################################################################## +# # +# /syncthing # +# # +######################################################################## + + + ######################################################################## # # # vaultwarden # diff --git a/requirements.yml b/requirements.yml index f148ab8..9f7c8d6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -115,6 +115,10 @@ name: prometheus version: v2.43.0-0 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-syncthing.git + name: syncthing + version: v1.23.2-0 + - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git name: vaultwarden version: v1.27.0-2 diff --git a/setup.yml b/setup.yml index 8655ae9..e56356c 100644 --- a/setup.yml +++ b/setup.yml 
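Review bot: The new `syncthing` defaults block in `group_vars/mash_servers` sets `syncthing_enabled`, the container network and the Traefik labels, but nothing about Basic Auth, so whether the GUI is protected depends on the role's own default for `syncthing_basicauth_enabled`, which is not visible in this patch. The documentation added in the same commit says authentication happens only at the Traefik level and tells users to ignore Syncthing's no-GUI-password warning, which makes the proxy credentials the sole gate on the admin UI. If the role defaults to auth disabled, a `vars.yml` with just `syncthing_enabled: true` and a hostname would publish the GUI without authentication. Consider setting `syncthing_basicauth_enabled: true` as the playbook default here, or at least adding a comment such as `# The GUI has no password of its own in this setup; keep syncthing_basicauth_enabled: true with non-empty syncthing_basicauth_credentials`, so the safe state does not rely on the user copying the docs example.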
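Review bot: The new `syncthing` entry in `requirements.yml` is pinned with `version: v1.23.2-0`, a git tag, and a tag can be moved after the fact, so a later role install could fetch different code under the same version string. This follows the convention of the neighbouring `prometheus` and `vaultwarden` entries, so it is a repository-wide choice rather than something specific to this line. If stronger supply-chain guarantees are wanted, `version:` also accepts a full commit hash, e.g. `version: <commit-sha-of-v1.23.2-0>  # v1.23.2-0` (placeholder, to be filled from the role repository).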
@@ -84,6 +84,8 @@ - role: galaxy/redis + - role: galaxy/syncthing + - role: galaxy/vaultwarden - role: galaxy/uptime_kuma